Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/11b08533-7e4f-4dde-8f78-bb8fa0cbe278.roa
File:                     11b08533-7e4f-4dde-8f78-bb8fa0cbe278.roa (raw, json)
Hash identifier:          2CogBrfaj6pTC8jP0mkmW3evVQ5XpusoAULxyuYZ2Oo=
Subject key identifier:   29:FF:08:29:B8:4D:25:2B:80:40:51:8C:14:B7:93:C7:2E:FB:82:11
Certificate issuer:       /CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
Certificate serial:       67D620CB66ED5EEBF261C108F63B1FEDF7127784
Authority key identifier: 6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/11b08533-7e4f-4dde-8f78-bb8fa0cbe278.roa
Signing time:             Fri 10 Oct 2025 17:05:01 +0000
ROA not before:           Fri 10 Oct 2025 17:05:01 +0000
ROA not after:            Fri 14 Nov 2025 23:59:59 +0000
asID:                     801
IP address blocks:        35.96.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/6755970c-4747-499d-9774-5e1308c501a7.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/0357272c-a79a-45bf-9586-92dd49ef3223.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 21 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:d6:20:cb:66:ed:5e:eb:f2:61:c1:08:f6:3b:1f:ed:f7:12:77:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c
        Validity
            Not Before: Oct 10 17:05:01 2025 GMT
            Not After : Nov 14 23:59:59 2025 GMT
        Subject: serialNumber=1ae80711e81e27d49e3b72d0bc7508855354dc1e08282b2666abbaf15b1f244f, CN=8cd8442f-235f-4171-84e6-8e1007a64c60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:27:38:01:da:0a:05:99:44:84:5a:b7:6d:81:
                    e9:1c:76:cb:fd:79:7b:0d:80:86:49:c9:71:70:73:
                    2b:d1:bf:0d:dc:a9:63:62:30:69:9e:64:37:49:52:
                    f3:88:a4:96:ea:de:f3:b4:61:ef:f9:86:67:ac:6b:
                    62:cc:a1:7c:97:bc:44:d6:20:7c:e6:0d:fa:1d:d2:
                    34:64:b3:41:64:ca:4a:05:ad:c2:e6:fd:f8:5a:1c:
                    eb:9a:52:a9:f1:72:7b:f5:e3:71:c1:a3:e5:c7:3e:
                    1c:4d:3f:9f:7a:0c:59:10:98:1b:a1:33:fb:61:2e:
                    a0:74:bd:3b:df:83:5d:0a:88:9b:bb:1c:f4:1a:30:
                    25:21:b0:74:96:52:57:2a:bb:19:12:e0:bf:30:fb:
                    00:61:a1:64:02:58:cf:93:0f:21:1a:58:e3:54:4e:
                    32:5e:d8:b7:c5:d3:ba:ed:b2:4a:be:34:27:d2:54:
                    b7:c1:c8:99:b8:68:17:ec:65:cb:ae:a5:b5:2f:e8:
                    6f:00:e4:01:01:15:c3:f3:41:5a:27:1d:fa:92:05:
                    e2:5a:da:f7:a6:f3:bf:cf:b9:9d:a9:0d:2d:aa:1e:
                    48:fd:56:02:ce:d2:d6:17:04:d1:ff:08:f0:5e:05:
                    b3:c5:bc:ad:52:fc:6f:a2:7b:af:4a:31:70:bf:55:
                    59:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:FF:08:29:B8:4D:25:2B:80:40:51:8C:14:B7:93:C7:2E:FB:82:11
            X509v3 Authority Key Identifier:
                keyid:6A:CC:3E:7D:A2:E7:6D:99:11:0F:D6:39:C4:13:7E:42:42:99:70:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/6755970c-4747-499d-9774-5e1308c501a7/9ab015f3826e013512a45298a42f2baba1fa72f8d27938878c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/11b08533-7e4f-4dde-8f78-bb8fa0cbe278.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/e72d8db0-4728-4fc1-bdd8-471129866362/bgE1EqRSmKQvK6uh-nL40nk4h4w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  35.96.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:e6:63:5b:c9:5e:cd:1b:53:58:6a:84:09:ef:5d:78:76:d3:
         15:88:29:be:2f:63:18:60:a1:97:ce:35:2c:d7:45:31:5b:85:
         b0:ee:8d:a6:34:1a:0f:be:73:2c:fc:ab:9b:ed:2f:e6:56:84:
         6e:ff:5a:b4:18:23:db:a3:28:58:c4:f0:1d:f9:1a:cc:2c:55:
         5c:ba:f3:5b:8a:2b:c5:da:fd:6d:71:75:09:4e:65:67:d1:1b:
         07:a9:a6:a7:49:bb:76:71:f9:a3:ff:04:a5:b5:74:1b:17:c2:
         cb:9b:62:2b:ea:27:84:5e:b2:9b:c7:e9:9b:e7:b0:8a:f4:f6:
         50:75:59:78:4f:5d:22:02:9b:0a:24:f6:ba:0f:fb:32:ab:bc:
         89:15:88:81:1c:a7:79:7e:a7:86:2d:82:e1:cf:d5:78:1c:c2:
         de:04:f7:a0:26:57:cc:7c:a2:19:e3:76:cf:37:75:7f:11:9f:
         bb:43:3f:b8:70:d8:ba:13:41:05:a6:dd:c2:22:6b:e9:34:76:
         53:61:f5:b1:d2:bd:c5:5b:ec:ce:05:31:24:0a:f2:ec:ae:f6:
         85:5c:b8:ef:74:6e:f3:98:1b:4e:2b:f9:a7:e9:60:1b:7a:b1:
         1c:de:b0:f3:e1:4f:15:e2:3e:ea:8c:a5:07:56:00:ad:2c:26:
         f7:49:7e:3b
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUZ9Ygy2btXuvyYcEI9jsf7fcSd4QwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1Mjk4YTQyZjJiYWJh
MWZhNzJmOGQyNzkzODg3OGMwHhcNMjUxMDEwMTcwNTAxWhcNMjUxMTE0MjM1OTU5
WjB6MUkwRwYDVQQFE0AxYWU4MDcxMWU4MWUyN2Q0OWUzYjcyZDBiYzc1MDg4NTUz
NTRkYzFlMDgyODJiMjY2NmFiYmFmMTViMWYyNDRmMS0wKwYDVQQDEyQ4Y2Q4NDQy
Zi0yMzVmLTQxNzEtODRlNi04ZTEwMDdhNjRjNjAwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC+JzgB2goFmUSEWrdtgekcdsv9eXsNgIZJyXFwcyvRvw3c
qWNiMGmeZDdJUvOIpJbq3vO0Ye/5hmesa2LMoXyXvETWIHzmDfod0jRks0FkykoF
rcLm/fhaHOuaUqnxcnv143HBo+XHPhxNP596DFkQmBuhM/thLqB0vTvfg10KiJu7
HPQaMCUhsHSWUlcquxkS4L8w+wBhoWQCWM+TDyEaWONUTjJe2LfF07rtskq+NCfS
VLfByJm4aBfsZcuupbUv6G8A5AEBFcPzQVonHfqSBeJa2vem87/PuZ2pDS2qHkj9
VgLO0tYXBNH/CPBeBbPFvK1S/G+ie69KMXC/VVnlAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUKf8IKbhNJSuAQFGMFLeTxy77ghEwHwYDVR0jBBgwFoAUasw+faLnbZkR
D9Y5xBN+QkKZcNgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy82NzU1OTcwYy00
NzQ3LTQ5OWQtOTc3NC01ZTEzMDhjNTAxYTcvOWFiMDE1ZjM4MjZlMDEzNTEyYTQ1
Mjk4YTQyZjJiYWJhMWZhNzJmOGQyNzkzODg3OGMuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZTcyZDhkYjAtNDcyOC00ZmMxLWJkZDgtNDcx
MTI5ODY2MzYyLzExYjA4NTMzLTdlNGYtNGRkZS04Zjc4LWJiOGZhMGNiZTI3OC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2U3MmQ4ZGIwLTQ3MjgtNGZjMS1iZGQ4
LTQ3MTEyOTg2NjM2Mi9iZ0UxRXFSU21LUXZLNnVoLW5MNDBuazRoNHcuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAAjYPQwDQYJKoZIhvcNAQELBQADggEBAEfmY1vJXs0bU1hqhAnvXXh20xWI
Kb4vYxhgoZfONSzXRTFbhbDujaY0Gg++cyz8q5vtL+ZWhG7/WrQYI9ujKFjE8B35
GswsVVy681uKK8Xa/W1xdQlOZWfRGweppqdJu3Zx+aP/BKW1dBsXwsubYivqJ4Re
spvH6ZvnsIr09lB1WXhPXSICmwok9roP+zKrvIkViIEcp3l+p4YtguHP1Xgcwt4E
96AmV8x8ohnjds83dX8Rn7tDP7hw2LoTQQWm3cIia+k0dlNh9bHSvcVb7M4FMSQK
8uyu9oVcuO90bvOYG04r+afpYBt6sRzesPPhTxXiPuqMpQdWAK0sJvdJfjs=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:58:00 2025 by rpki-client